|Universal package for|
- Asus eeePC
- Debian Etch PC (x86 and mipsel)
- Letux n30, Letux 380, Letux 400
- Nokia 770, 800, 810
- Openmoko Neo1973, Freerunner
- Sharp Zaurus (Sharp ROM)
Shown at SYSTEMS 2008|
Shown at LinuxTag 2008
SimpleWebKit became part of GNUstep
Shown at FOSDEM 2008
TN001 - Software Update Manager
This technical note describes the background of the Software Update manager which is part of QuantumSTEP.
This description is not up to date.
This site www.quantum-step.com hosts a server for downloadable files. The QuantumSTEP client asks the server which new software it has recently added. The server has a database for all software it can provide telling what it needs to have installed (if any) or what must not be installed. It looks up from this database and tells the client about available packages. The response includes a unique MD5 key describing the file reference. The client then initiates the download by using this key.
The client and the server have certain expectations:
The client wants to keep secret
- who he/she is,
- which hardware is in use,
- which software is really/already installed, and
- Credit Card numbers, and
- wants to be able to refresh what he/she has already paid for,
- wants to be sure that the server is authentic.
Number 1-3: is solved by sending a list of all available software to the client and the client decides which software fits to its current installation. Only this software is requested from the server.
Number 4: is solved by using https for the download and passing the parameters by the POST method (so it is not included in the link).
Number 5: is solved by sending back an authorization code that the client has to note and can reuse.
Number 6: is solved by challenging the server for encryption of a random number. This can only be correctly decrypted if the server knows the correct decryption key for the encryption key built into the client. So, even reverse engineering the client does not help.
This is solved by requesting the MAC-id of the machine that is initiating the download and including that in the authorization code. So, the download is fixed to a single machine.
- The server does not want to reveal any files the client has not been authorized e.g. by payment.
- Passing the authorization key to somebody else should not be possible.
Please try this link: http://www.quantum-step.com/list.php to get the list of currently available software. The Software Download manager also queries this page. And you can even initate a manual download by using the file link.